[Casper] Kerberos destory script?

Ryan Harter rharter at uwsp.edu
Mon Apr 13 14:15:06 PDT 2009 

One thing to remember is that loginhooks are run as root, so you would  
need to add the "su $currentUser -c "kdestroy -a"".  While adding this  
to the hooks would probably work, it would be pretty similar to how  
Casper's loginhooks already fire it off, but you would lose that  
centralized aspect that Casper brings to the table.  Running this as a  
policy triggered by login or logout is really the best solution IMHO.

As long as you add the su it should be a fairly simple matter.

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Apr 13, 2009, at 3:26 PM, Andy Hakala wrote:

> I did not realize that Casper made use of the Login/Logout hook…I  
> thought that the JAMF agent was looking at system events and using  
> that. I did see however that the current logout hook is a script  
> called ‘logouthook.sh’  and it is located in ‘/private/etc/ 
> scripts/’. It would seem to me that you could add the line to clear  
> the ‘kdestory –a’ line to this script.
>
> I will post this to the list as well…sorry for the confusion.
>
> Andy
>
> From: Ryan Harter [mailto:rharter at uwsp.edu]
> Sent: Monday, April 13, 2009 2:34 PM
> To: Andy Hakala
> Cc: casper at list.jamfsoftware.com
> Subject: Re: [Casper] Kerberos destory script?
>
> I could be wrong about this, but doesn't Casper use login and logout  
> hooks to fire off scripts at login or out?  Since you can only have  
> one of each hook, that means that if you replace Casper's hooks with  
> this, you would no longer be able to fire off policies at login/out.
>
> That may work for you, but would be unacceptable for me.
>
> Ryan Harter
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu
>
> On Apr 13, 2009, at 11:10 AM, Andy Hakala wrote:
>
>
> Have you tried setting this script as a login or logout hook? So  
> rather than having Casper execute a policy it is just something that  
> OS X will do every time someone logs into or out of the machine.
>
> Here is an Apple KB article on how to do this... http://support.apple.com/kb/HT2420 
> . This particular article is about making a Login Hook, but you  
> should be able to change the command text 'LoginHook' to  
> 'LogoutHook' if it is something that you want to happen on logout  
> instead.
>
> Andy Hakala
> Technology Support
> Hopkins High School
> Hopkins, MN
>
> -----Original Message-----
> From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com 
> ] On Behalf Of casper-request at list.jamfsoftware.com
> Sent: Saturday, April 11, 2009 2:01 PM
> To: casper at list.jamfsoftware.com
> Subject: Casper Digest, Vol 28, Issue 11
>
> Send Casper mailing list submissions to
>             casper at list.jamfsoftware.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>             http://list.jamfsoftware.com/mailman/listinfo/casper
> or, via email, send a message with subject or body 'help' to
>             casper-request at list.jamfsoftware.com
>
> You can reach the person managing the list at
>             casper-owner at list.jamfsoftware.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Casper digest..."
>
>
> Today's Topics:
>
>   1. Kerberos destory script? (NATHANIEL.LINDLEY at spps.org)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 10 Apr 2009 15:56:21 -0500
> From: NATHANIEL.LINDLEY at spps.org
> Subject: [Casper] Kerberos destory script?
> To: "Casper Listserv" <CASPER at LIST.JAMFSOFTWARE.COM>
> Message-ID:
>             <OFA45E2E0A.011F6D0B-ON86257594.00722BBD-86257594.0073D219 at spps.org 
> >
> Content-Type: text/plain; charset="us-ascii"
>
> Little help on scripting please.
>
> I'm trying to get a logout script that will destroy the Kerberos  
> ticket
> cache at logout.  I can make it work in Terminal but when pushed with
> Casper Remote or a policy it does nothing.
>
> This is all I have:
>
> #!/bin/sh
> ##################################
> # Destroy the Kerberos ticket of current user.
> # Nathaniel Lindley for SPPS, April 10, 2009
> ##################################
>
> kdestroy -a
>
>
> What else do I need?   Strange thing is that this is the default  
> behavior
> in 10.4 (to destroy kerberos ticket at logout) but not in 10.5, by  
> design
> according to Apple.  The problem is that at one school, students login
> with a "student" generic local account and then connect to a server  
> using
> their AD credentials from 10.5 client.  Then student logs out, and  
> another
> student logs in, trys to Connect to Server and is already logged in  
> as the
> previous student whose ticket is retained for 10 hours.
>
> Thanks for the help,
> -Nathaniel
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090410/85ae39d9/attachment.htm
>
> ------------------------------
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
> End of Casper Digest, Vol 28, Issue 11
> **************************************
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090413/e88c0227/attachment.html

More information about the Casper mailing list